Agents were assuming the org infra repo is what Flux watches directly.
The actual flow is: org/infra → cpfarhood/kubernetes (Flux watches this).
New policy explains:
- Existing resources: commit to org infra repo, Flux picks it up
- New resources (namespaces, kustomizations, secrets): also needs
a cpfarhood/kubernetes change — escalate to the board
- Never assume committing to org infra repo is always sufficient
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Stripped rules that are already in POLICIES.md from all 28 SOUL.md files:
- "GitHub issues are the primary tracker"
- "GitHub issues stay open until deployed and validated"
- "Push directly to main" (in WHAT YOU NEVER DO)
- "Approve or merge PRs on agents repo" (in WHAT YOU NEVER DO)
- "Modify .github/workflows" (in WHAT YOU NEVER DO)
Also fixed:
- CartSnitch CTO: removed stale merge authority (contradicted POLICIES.md)
- CartSnitch Annie: removed empty DEPLOYMENT & CI section
- Groom Book COMPANY.md: updated roster with all 6 agents
- PRI COMPANY.md: removed Samuel, added VP Product, updated models/adapters
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Each org now has a -dev namespace where agents can freely use kubectl
for testing and iteration. Production namespaces remain Flux-only.
Access model:
- Cluster-wide: read-only
- Production namespace: read-write (Flux-managed, no manual kubectl)
- Dev namespace: read-write (agents may use kubectl freely)
Co-Authored-By: Paperclip <noreply@paperclip.ing>
CMOs (Savannah, Addison, Clipper):
- Switched from claude_local/sonnet to opencode_local/minimax
- Uses MINIMAX_API_KEY secret_ref (direct MiniMax API, not OpenRouter)
- opencode.json with web search MCP
- Removed .mcp.json (claude_local only)
- promptTemplate required in DB (no instructionsFilePath)
QAs (Betty, Regina, Lint Roller):
- Switched from openrouter/minimax to minimax direct
- Model: minimax/MiniMax-M2.7 (was openrouter/minimax/minimax-m2.7)
- Uses MINIMAX_API_KEY instead of OPENROUTER_API_KEY
VP Products: unchanged (stay on opus, .mcp.json for web search MCP only)
Co-Authored-By: Paperclip <noreply@paperclip.ing>
- .mcp.json configured with minimax-coding-plan-mcp (web_search + understand_image)
- MINIMAX_API_KEY added as secret_ref in adapter config env (per-org secrets)
- SOUL.md updated with web search usage guidance
- Keys stored in Paperclip secrets, not in repo
Co-Authored-By: Paperclip <noreply@paperclip.ing>
CEOs were missing issues in repos not explicitly listed (e.g.,
groombook/infra, PRI plugin repos). Now uses gh repo list to
discover all repos in the org at triage time.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
All infra changes go through the infra repo and Flux reconciliation.
No manual kubectl apply, no direct cluster modifications.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Documents the curl commands for creating and reassigning Paperclip issues,
with guidance on required fields (title, description, assigneeAgentId, parentId)
and the rule: never leave work unassigned.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Provides every agent with the exact API calls for creating assigned
issues and reassigning existing ones. Includes curl examples with
assigneeAgentId, parentId, and run ID headers.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
- All CMOs now own and execute the full marketing function (IC work)
- Removed delegation language — no subordinates to delegate to
- Removed GitHub auth and gh commands from CMO heartbeats (CMOs don't use GitHub)
- PRI: removed Samuel Stinkpost references (terminated)
- PRI: updated Addison's capabilities and SOUL.md
- Groom Book: hired Clipper McGee as CMO
- Updated org charts in CLAUDE.md and CEO SOUL.md files
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Replaced hardcoded "Check for assigned work from <manager>" and
pnpm paperclipai CLI with consistent inbox-lite API call.
Agents work on whatever is assigned regardless of who assigned it.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
AGENTS.md files are prose-first (no heading required — MD041), mix
list styles (MD004), and use tight lists in compact docs (MD032).
These are structural choices for agent prompts, not markdown errors.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Agent prompts, operational docs (OPERATIONS.md, POLICIES.md, TOOLS.md),
and marketing SOUL files intentionally use long lines, compact heading
style, and fences inside blockquotes. Disabling MD013, MD022, MD031,
and MD040 prevents false-positive CI failures on these files.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Updated across all POLICIES.md and SOUL.md files in all orgs.
Merging is a step in the process, not the finish line.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
CEOs and CTOs stay on claude-opus-4-6 (strategy, architecture, judgment).
IC agents move to claude-sonnet-4-6 (implementation, routine execution).
Lint Roller set up as opencode_local with minimax-m2.5 (matching Regina).
Co-Authored-By: Paperclip <noreply@paperclip.ing>
The previous CI workflow was removed, leaving the agents repo with no CI.
This restores markdownlint-based CI with a config that disables rules
incompatible with agent prompt files (bare URLs, inline HTML, emphasis
headings). Uses ARC runners and actions/checkout@v6.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
PRI agents were still referencing local TOOLS.md (deleted).
Now uses absolute paths to shared root files.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Each org has self-hosted ARC runners that scale to zero when idle.
Runner labels standardized to runners-<org> format.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
All agents now use App ID 3097914 (privilegedescalation-paperclip) with
the shared PEM at /paperclip/secrets/github-pems/privilegedescalation.pem.
Individual per-agent PEMs have been removed from the k8s secret.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
The previous directive told agents to exit on 401, causing them to bail
on the first failed curl. PAPERCLIP_API_URL is injected by the adapter
but may not expand in all shell contexts. Fall back to localhost:3100.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Agent memory files can contain secrets (API keys, credentials, infra
details). These must not be committed to git. Memory persists on the
pod's persistent volume. Git is for board-authored config only.
- Added life/ and memory/ back to .gitignore
- Removed git add/commit/push from CEO heartbeat sync (pull-only now)
- Removed auto-merge workflow (no longer needed)
Co-Authored-By: Paperclip <noreply@paperclip.ing>
CEO commits memory/runtime updates to agent-sync branch instead of main.
GitHub Actions workflow auto-merges agent-sync into main on push.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Added explicit directive to all heartbeats: PAPERCLIP_API_KEY and other
env vars are pre-injected and valid — do not inspect, decode, verify,
or debug them. Exit cleanly on 401 instead of retrying.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
- .gitignore: exclude runtime junk (.claude/, .cache/, .npm/) but track
life/ and memory/ so agent knowledge persists across pod restarts
- CEO heartbeat: git add + commit local changes before pull --rebase,
then push to persist memory files in the repo
- Fixes agents wasting turns debugging dirty working tree on every heartbeat
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Every agent now invokes the persistent memory skill for cross-heartbeat
knowledge retention: facts, daily notes, entities, synthesis, and recall.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
mode, effort, variant, modelReasoningEffort are not applicable to
opencode_local/minimax and were UI artifacts.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Chris Farhood
Samuel Stinkpost
Hugh Hackman